Can't you even be bothered to read the site you linked to?
The term 'open source' is NOT trademarked. OSI says so quite clearly on their website, which you linked to but didn't actually look at.
http://www.opensource.org/docs/certification_mark.html
The Open Source Definition spells out the essential qualities of open source software. Unfortunately, the term "open source" itself is subject to misuse, and because it's considered descriptive, it can't currently be legally protected as a trademark (which would have been our first choice).
What is it with people on /. who think they are the kings of words?
You don't get to decide what the word 'open' means.
The OSI (a USA California non-profit) doesn't get to decide what the word 'open' means.
The FSF doesn't get to decide what the word 'open' means.
It means something different to different people, plus there is general consensus and industry-specific consensus.
For those of us who have been in this industry longer than OSI or FSF have existed and/or were making press, 'open source' usually means 'viewable source'.
It generally does not mean 'view and modify'. In fact, it usually doesn't make any judgement about the 'and modify' part at all. It means 'view', and anything beyond that is license specific.
In fact, even currently, the ONLY subgroup I know of who think 'open source' can ONLY mean GPL or 'OSI approved license' is the current Linux zealot crowd. It's not even the Linux users, it's the tiny vocal and zealous minority.
The bottom line is that for you to sit there and proclaim to the universe what a word means to everybody is just insanity. There is no such rule as what you are proclaiming, and there cannot be, since you can't control the inside of people's heads.
OSI is a recent org (founded in 1998 according to their webpage); the term 'open source' has been around for much, much longer than the OSI has even existed.
What you've linked to is NOT _the_ definition of 'open source'.
It is how OSI defines the term 'open source' within the context of a development methodology.
From that link:
Open source is a development method for software that harnesses the power of distributed peer review and transparency of process. The promise of open source is better quality, higher reliability, more flexibility, lower cost, and an end to predatory vendor lock-in. OSI is a US California non-profit organization. They are not the owners of the phrase or concept of 'open source'.
Further, by most people's common understanding of the word 'open', shared source is indeed 'open'. It may not carry an OSI approved license, and may not carry the 'Open Source Initiative Approved' trademark of theirs, but that doesn't make it any less 'open' in the common sense of the word.
Keep in mind, the term 'open source' hugely predates the FSF and GPL, and was generally understood to mean 'source available' or 'source viewable'. It didn't go beyond that.
Stallman and FSF came along and in large part (though of course they had conceptual precursors) invented/defined-clearly the concept of FOSS or 'libre' or free-as-in-speech kind of 'open source'.
Mind you, MS even largely sticks with the OSI approved terminology, though it is in no way required to. They rigorously didn't use the term 'open source' until they had OSI approved licenses.
No, the GPL is pretty clear, to my eyes anyway. LOL yeah, it's so clear that they made 2 different generational variants to clear up the situation (GPLv3 and Affero).
And it's so clear that there are constant arguments between devs on what constitutes the different types of linking you might do with GPL and therefore how and in what way you're bound by it.
What I do find confusing is some of the naming conventions used by Microsoft. Office Open XML, for example, might give someone the impression that it is in some way connected with Open Office. Why? Most people have never even heard of Open Office or know what it is. And the words are in different order. And it is a completely factually accurate description of the thing.
It is about 'Office'.
It is 'open' (in the common sense of the word).
It is 'XML'.
And it's NOT called 'Open Office XML'. It's called 'Office Open XML'.
Haven't you ever noticed this trend with MS? They have smart marketing people. They name things in very generic ways. It's a common technique used to help associate the entire concept/category/industry/whatever with your specific product, like Sony famously did with the Walkman, Kleenex with kleenex, etc.
MS does it with SQL Server, Office, Windows, Small Business Accounting, Retail Management System, etc etc. That's their thing, they have a long history of it, and it's worked well for them.
This goes for the names of their new licensing models too, which is kind of the point of the article. The article was fairly silly. It basically boils down to: I think shared source is going to confuse people into thinking it means open source, even though it doesn't say open source.
That's bollocks. If it was meant to confuse with open source, then it would be called open source, or use some synonym of 'open' as the first word. The fact that they chose a word (shared) that is both descriptively accurate and unambiguous with 'open' should have made that clear to everybody.
You would think a company that sued another company for violating their trademark would be more careful about creating confusion in the marketplace, unless their goal isn't really to offer flexible licensing and open standards. Where has this created confusion in the marketplace?
MS-PL and MS-RL are trivially distinguishable and different from GPL, BSD, etc. Their licenses that are open source according to OSI they call open source, the rest they call shared source.
Seems pretty unambiguous to me.
I think the bottom line here is that no reasonable person, either professional in this industry or lay, would be confused by this.
OSI has a trademark on the term "Open Source", so naturally they are allowed to define what "Open Source" means. The ignorance on /. is appalling.
From the OSI website:
http://www.opensource.org/docs/certification_mark.html
Unfortunately, the term "open source" itself is subject to misuse, and because it's considered descriptive, it can't currently be legally protected as a trademark (which would have been our first choice). From that same page, they DO have a trademark, but it's not on 'open source':
Since the community needs a reliable way of knowing whether a piece of software really is open source, OSI is registering a trademark, Open Source Initiative Approved, for this purpose. If you see this mark on a piece of software, either the software really is being distributed under a license that conforms to the Open Source Definition, or the distributor is misusing the mark and thereby breaking the law. Please make some sort of attempt to be at least remotely factually accurate in your postings.
So they purposely chose a term that is different and obviously not 'open source', and have gone to great lengths to make sure that no one reading about this stuff confuses them with open source.
What exactly are we supposed to be up in arms about?
The term 'shared source' is descriptively accurate, in that it is source that MS is sharing. The word 'shared' in no way implies to any reasonable person that it is open or free/libre.
It's so bad, they even managed to trick the Free Software Foundation's own lawyers into certifying the MS-PL (for example) as Free and compatible with the GPLv3. Really?
Can you cite this?
I think what you mean to say is that they got the OSI folks to approve MS-PL and MS-RL as Open Source licenses.
Nowhere does anything say that they are GPLv3 compatible. I'm fairly sure a trivial read of GPLv3 would show that the GPLv3 by itself would prohibit this.
If you think the term 'shared source' is confusing, then wouldn't 'closed source' also be confusing?
Isn't it relevant that MS has plastered all over their documentation that their licenses are NOT traditional open source licenses, and that they scrupulously avoid the term 'open source' for licenses that aren't OSI approved?
No. The term open source software (OSS) is broadly applied to any (or a combination) of four interrelated concepts: the OSS development model, OSS philosophies, OSS licensing regimes, and OSS business models. However, first and foremost, OSS is a development model built around the idea of community creation and sharing of source code. The other three concepts, and the debates surrounding them, lend further definition to the OSS movement or "culture."
Microsoft has been learning from the OSS community regarding the benefits of deeper collaboration and increased transparency leading to better communication with customers. We believe the most effective pathway for a commercial software company is to strike a balance between investing in research and development and the release of intellectual property assets in the form of source code for both reference and collaborative purposes.
For more information on Microsoft and open source, please visit http://www.microsoft.com/opensource. And let's look at the common acronyms of the things used:
MS-PL, MS-RL
Compare that to:
GPL LGPL Apache BSD etc
Where exactly do you see the confusion? I can't imagine any better way for MS to make them clear and unambiguous than by sticking MS- in front of them, and making sure they don't look anything like GPL or LGPL.
It sounds to me that you're so blinded by your zealotry that any MS use of the word 'source' in any form would be perceived by you as some great evil coming to get us.
No, a piece of software can be fixed, but saying it needs to mature implies it's immature and thus not ready.
Did you not read the paragraph you quoted? I listed all the things that change that are involved with a software product (especially an operating system) maturing. Drivers are huge. Third party software adapting to changes in the OS is huge. Resellers figuring out how to build a more stable distro is huge (you do realize that resellers heavily customize the distribution of Windows, right? And that MS has no say over that, right?). Lastly, IT professionals learn the tricks and traps around using and managing the OS.
All of these things are factual things that happen. Most of them directly impact the stability and functionality of the system from the end-user's perspective, and from that perspective are just all parts of the OS.
Are you seriously suggesting that there is no maturation of the ecosystem around OS's that affects their stability and functionality? If so, I'd like to hear some specific responses to the things I outlined above, about how they do not in fact have an effect.
There is more to a car than the steering wheel and gear shift. Secondly, programming plays a major part in car design these days.
Programming does play a part, but it's much simpler in scope. In particular, a key element is that it's a fixed system. You don't have other people randomly adding other software elements to it that it must be expected to work with. (Yes, there are 3rd party chipping systems, but there is no expectation from the car maker that these things are supported, and the chip vendors often have to do major reverse engineering work to get them functional.)
In fact, some cars run Windows. If MS can supposedly get it right for the car, then why not at home?
The cars don't 'run' Windows, as in that Windows has anything to do with the functionality of the car. It's all ancillary stuff like radio, navigation, phone, etc. And that Windows version is a heavily modified, stripped down version that *gasp* is highly limited in the platforms it will run on.
Exactly, when a car does foul up on a massive scale it's taken off the market. That's not the case with an OS, and an OS isn't just something you play around with.
A car is taken off the market if and only if either 1) the car manufacturer decides that a recall is less expensive than individual lawsuits and repairs, or 2) a gov agency demands it.
However, OS's can be patched much more easily. Some car/recall situations do get 'patched', in that you are instructed to take your car into a dealer and they make a modification.
The bar to take something off the market, though, is fairly high. It has to either actively injure/hurt/kill people or their tangible property, or cause problems on such a massive scale that it's disruptive to society.
Despite the /. blather, this is not even remotely the case here. The problems resulting from installs are, from everything I can see, a tiny proportion of the population. However, every nut can make a blog, so this kind of stuff gets big press now. In all seriousness, you could have this level of news if only 100 people had this problem.
This isn't something that should just be released in a half-assed manner by a company that takes zero responsibility for what it does.
I think you underestimate the complexity of the issue here. The number of permutations that could be present on a machine is nearly infinite. You can't test an infinite number of things. Especially when OEMs are able to cause their own set of problems with their custom distributions.
Of course it should translate into better products. You have more money than anyone else. You should then be able to buy the best programmers, you should be able to have a huge testing facility, and those two factors alone mean you produce something better than some small timer.
Gutmann ranks up there with such notoriety as Steve Gibson.
Since you so kindly linked it (as if anyone hasn't seen that waaaay back when it came out), did you bother to read it?
Do you notice that nowhere in the entire write-up does it ever mention whether any of Gutmann's theories are actually based on the product itself? Or just his theories about how someone might write an OS based on some white papers and documentation he's read?
Because, in true media-savvy pseudo-scientific fashion, Gutmann never actually makes any claim that any of his theories are actually borne out in the actual product. In fact, based on his writeup there, he's NEVER ACTUALLY TESTED ANY OF HIS THEORIES.
Think about that for a second. A research scientist who makes huge claims about a product, based on his theoretical modelling of how it probably worked based on some white papers and documentation he read, but never actually tested whether any of his theories are true.
That's not being a very good scientist.
You have to take stuff like this with a grain of salt, you can't just believe everything you read.
I'll state it again, for clarity:
ALL of Gutmann's Vista postings are theoretical.
He has NEVER (based on that document) tested any of his theories against the actual product.
Nearly all of his theories are based on how he believes 3rd party IHVs would develop drivers if they adhered perfectly to the spec, which they are not required to do...
All that being said, even if all of Gutmann's theories were perfectly borne out in reality (which they don't appear to be), these are all optional systems.
In addition, one bad optional subsystem does not make the entire product broken by design. There are numerous huge improvements to the underlying product. Just the lightweight MAC style perms on services, and the windowing re-write to prevent shatter style attacks, are big. The new process scheduler and I/O scheduler are huge. The kernel patch protection is just... gargantuan. SMB2 for high bandwidth high latency networks is years overdue, but very welcome.
And lastly, as my business' self-chosen Vista guinea pig (Vista Business x64), I've got to say it's been surprisingly good. I haven't run into any of Gutmann's theoretical problems, and the system has been quite amazingly stable. Much more so than my XP boxes were, at least as measured by how long my laptop can do its daily duty (4-10 standby/hibernates, and several dozen network/VPN switches) without needing to be rebooted. In general, my laptop is still quite stable when super Tuesday comes up each month, and still not needing a reboot.
Based on my direct, personal experience (ie, not theoretical rumblings), Vista has made some significant fundamental improvements in the Windows OS. However, it was released rough, and is still stabilizing.
You do of course realize that only bad techs do what you describe?
Or (sometimes) organizations that have their imaging process down to such a polish that rolling out a new machine takes 30-60 minutes to completion, and so they make a business/economic decision not to try to do individual troubleshooting unless they detect widespread problems.
But overall, what you're talking about is lazy/incompetent techs.
Everything in Windows is repairable. Sometimes it's not worth the cost to do so, but good techs will often take the time to figure out why, so that they're armed in the future.
Oh, by the way, can anyone confirm whether or not this is fixed yet: Disable indexing, then try to type something into the search in the Start menu. Watch system explode, because each character spawns a new thread to search, without killing the old one. Doesn't take very much to bring the whole thing crashing down. Just tested this on my box, and it does not perform as you describe.
The hard drive is hit a bit more, and the results take a little longer, and the processor jumps to 10-20%, but that's the only difference I see.
And frankly, my suggestion would be to leave indexing on. You take a 1-2 day hit in performance (more or less, depending how much data you have and how fast your machine is), once ever. Then it's indexed, and you never get hit by that drive-thrashing business again, but search is instant throughout the OS.
XP was only passable because of 7+ years of maturing on largely the same core system. But it had many huge glaring defects in its underlying systems. It was broken by (legacy) design, and only usable through many years of polish.
Vista has many things finally done right internally, with huge, technically and architecturally improved internals. But Vista failed miserably at: marketing (particularly around the Vista Capable garbage), hardware ecosystem (ie, bad drivers), software ecosystem (ie, poorly built software that didn't work in Vista's locked down environment).
But like XP, Vista will mature, and the market will adapt around it. And once it stabilizes, it's a vastly technically superior system than XP was, albeit at a cost of massively increased resource requirements.
Secondly this whole "Vista is maturing" rubbish doesn't work. Vista is not a child, pet or a plant. It's not expected to grow. It should work out of the box. Of course it matures. All software matures. It gets patched. Drivers get better. Third party software gets better. IT pros get better at managing it. Resellers get better at making machines that work well out of the box on it.
Your suggestion that nothing changes once a v1.0 product releases is what is rubbish. All of what I describe is true of nearly every piece of software, and definitely all OSs.
Console gaming was always superior to PC gaming in terms of quality because there wasn't any patching. No patching? Every console I've ever owned (except the SNES) has patched itself. And games on them have received patches. And this seems like a reasonable tradeoff to me, as my current xbox 360 can do so very many things that my SNES back in the day could never do.
There is no reason software companies, especially one as large and as rich as Microsoft, can't get it right on the first go. And let's follow that line of thought.
Compare an operating system to a car. A car is at least a couple orders of magnitude simpler (ie, less complexity) than an operating system. And it has a high risk of death or injury if they don't get something right. Whereas with an OS the worst risk is some minor property loss.
Yet cars have lots of problems. Lots of recalls. Lots of problems that don't cost car manufacturers enough money to make it worth going through a recall. Lots of poor user engineering, and inherently faulty (ie, fast fail) designs.
And operating systems are a little worse. But the complexity is hugely bigger, and the risks/downsides are much less.
Sounds pretty reasonable to me. Not ideal, but quite in line with a pragmatic approach to reality.
Why do you think company size and wealth should translate to better products? There is absolutely no evidence (and much counter evidence, Brooks, et al) to show that bigger companies produce better software.
Tell me this, are you willing to buy a car, DVD player or microwave that only sort of works out of the box with the manufacturer promising to fix it at a later date? Yeah, that's how pretty much all those industries work. Every car I've ever bought has been inferior to the one that came out the very next year. They keep doing crazy stuff like making improvements, adding new features, and overall refining the product. Kind of like software.
I've personally made successful SQL injection attacks (in-house pen testing, not black hatting) of this sort against a variety of other platforms that had nothing to do with Microsoft, including Oracle and MySQL.
I'm not going to go into details here as I already responded in more detail to another of your posts.
Microsoft SQL Server is particularly vulnerable to SQL injection in a way that most other databases aren't. The problem is multiple statement execution just by inserting semicolons. That is incorrect.
Most mainstream databases allow you to do this. Oracle and MySQL, off the top of my head, are ones I've personally done this on.
Some DB adapter libraries (like one of the real simple ones in PHP for MySQL) don't let both statements get through and/or throw an error, and/or can't handle multiple result sets.
But keep in mind, an attack like this doesn't require both statements to be run in the same batch or in the same transaction, since there's no connection between the two and no result set from the second command.
This simplifies the requirements. Some DB libraries don't allow multiple result sets to come back, but the vast majority allow multiple commands to be sent.
Catalog access isn't much of a vulnerability if an attacker cannot trivially execute SQL ad lib. with a single unchecked parameter.
What allows an attacker to trivially execute SQL isn't anything to do with MSSQL, but with the app design that is concatenating SQL strings and then passing them unchecked to the DB.
This exact problem is hugely rampant on PHP/MySQL sites.
When doing casual pen-testing at prior jobs, I've made this sort of attack work against Oracle WebDB, PHP/MySQL, ASP/MSSQL, and Java/Oracle.
And, as to the SQL injection itself, if ASP doesn't have placeholders, I would blame Microsoft. Interpolating fields into DB statements is just asking for trouble. Using ASP/ADO/MSSQL there are several ways to protect against this.
1. Use prepared statements (also sometimes called parameterized queries, and what you're calling placeholders).
2. Use stored procedures and pass parameters.
3. Clean the form fields before putting them into your SQL statement (the PHP approach, and also the least safe).
You could do this in Hibernate as well. Hibernate allows you to run raw SQL against the DB (in addition to the HQL, you can also send raw SQL).
We've used this in the past where we had to do some fairly extreme performance optimizations for a hideous query across many joined tables, etc etc. The different DB platforms required server-specific syntax to get it to perform adequately.
In addition, Hibernate is only available on Java and .NET.
This particular story is about ASP (not ASP.NET) pages getting hit, for which Hibernate is not available.
There are other simpler solutions that aren't so painful or intrusive.
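The three protections listed in the post above, shown side by side as an added example that is not part of the thread and not the poster's code. Python's sqlite3 module stands in for ASP/ADO/MSSQL: the string-concatenation pattern the thread blames (the one "cleaning" in option 3 tries to patch over) sits beside the parameterized form of option 1. It also exercises the point made earlier in the thread that an adapter refusing multi-statement batches is not a defense, since a single-statement tautology still passes. The table, sample rows, input strings and function names are all constructed for this demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the thread).
SAMPLE_USERS = [("alice", "admin"), ("bob", "user")]


def make_db():
    """Create an in-memory SQLite database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """VULNERABLE: the concatenation pattern the thread describes.

    The form field is spliced into the SQL text, so a quote character in
    the input changes the meaning of the statement instead of being data.
    """
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """SAFE: option 1 from the post, a parameterized query.

    The driver passes the value separately from the statement text, so the
    input is only ever compared as a value and is never parsed as SQL.
    """
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


def batch_rejected(conn, name):
    """Report whether the driver refused the concatenated statement.

    sqlite3's execute() accepts only one statement, the adapter behaviour
    the thread mentions for some PHP/MySQL libraries.  That stops a stacked
    (semicolon-separated) batch, but a tautology inside the single WHERE
    clause is still one statement and is not rejected, which is why this
    driver limitation cannot substitute for parameterized queries.
    Older Python versions raise sqlite3.Warning here, newer ones
    sqlite3.ProgrammingError, so both are caught.
    """
    try:
        lookup_concat(conn, name)
        return False
    except (sqlite3.Warning, sqlite3.ProgrammingError):
        return True


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"          # constructed single-statement input
    stacked = "x'; SELECT 1; --"        # constructed two-statement input
    print("concat, normal input:   ", lookup_concat(db, "bob"))
    print("concat, tautology input:", lookup_concat(db, tautology))
    print("param,  tautology input:", lookup_param(db, tautology))
    print("driver rejects stacked: ", batch_rejected(db, stacked))
    print("driver rejects tautology:", batch_rejected(db, tautology))
```

The contrast worth noticing is the last two lines: the driver's one-statement rule refuses the stacked input but happily runs the tautology, and only the parameterized lookup returns nothing for it. That is the practical reading of the thread's argument that batch support is a feature, not the vulnerability, and that the fix belongs in how the application builds the query.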
The easiest is just to use prepared/parameterized queries.
I think many of us have gone through the 'everything should be stored procedures' phase, but that really only works for a niche (albeit a large one) of app development.
You keep saying 'multiple statement protection' as if allowing multiple statements in a batch is a bad thing that should be prevented by any sane person.
Allowing multiple statements (and multiple active result sets) is a commonly used feature for many legitimate purposes. It's not something bad to be blocked. Nearly every major db platform provides this.
Some of the language-specific adapters to said SQL servers never got around to implementing this feature, but it's not blocked because it's a security risk.
Saying so is roughly equivalent to saying governments should enact 'metal protection' and outlaw all forms of metal, just because it's possible to use metal to make a knife and hurt people.
They did NOT coin the term.
My bad, I had never seen nor heard of that.
... but I guess that speaks to the 'open-ness' of the MS-PL.
Thanks for the correction.
Frankly, I'm surprised.
What a terrible analogy. This only works in the special case where your windows are transparent.
Let's change that to the more typical and unambiguous case of an (opaque) door.
When the door is open, you can see into the house. When it's closed, you cannot see into it.
There's no need to muddle transparent/non-transparent with open/closed in order to try to prove a point.
Up in arms about what, exactly?
MS' use of the term 'shared source'?
I really don't see the problem.
Can you cite this?
I think what you mean to say is that they got the OSI folks to approve MS-PL and MS-RL as Open Source licenses.
Nowhere does anything say that they are GPLv3 compatible. I'm fairly sure a trivial read of GPLv3 would show that the GPLv3 by itself would prohibit this.
If you think the term 'shared source' is confusing, then wouldn't 'closed source' also be confusing?
Isn't it relevant that MS has plastered all over their documentation that their licenses are NOT traditional open source licenses, and that they scrupulously avoid the term 'open source' for licenses that aren't OSI approved?
Heck, let's look at their FAQ on the subject:
http://www.microsoft.com/resources/sharedsource/initiative/faq.mspx
Q. Is the Shared Source Initiative "Open Sourcing" Microsoft code?
No. The term open source software (OSS) is broadly applied to any (or a combination) of four interrelated concepts: the OSS development model, OSS philosophies, OSS licensing regimes, and OSS business models. However, first and foremost, OSS is a development model built around the idea of community creation and sharing of source code. The other three concepts, and the debates surrounding them, lend further definition to the OSS movement or "culture."
Microsoft has been learning from the OSS community regarding the benefits of deeper collaboration and increased transparency leading to better communication with customers. We believe the most effective pathway for a commercial software company is to strike a balance between investing in research and development and the release of intellectual property assets in the form of source code for both reference and collaborative purposes.
For more information on Microsoft and open source, please visit http://www.microsoft.com/opensource.
And let's look at the common acronyms of the things used:
MS-PL, MS-RL
Compare that to:
GPL
LGPL
Apache
BSD
etc
Where exactly do you see the confusion? I can't imagine any better way for MS to make them clear and unambiguous than by sticking MS- in front of them, and making sure they don't look anything like GPL or LGPL.
It sounds to me that you're so blinded by your zealotry that any MS use of the word 'source' in any form would be perceived by you as some great evil coming to get us.
No, a piece of software can be fixed, but saying it needs to mature implies it's immature and thus not ready.
Did you not read the paragraph you quoted? I listed all the things that change that are involved with a software product (especially an operating system) maturing. Drivers are huge. Third party software adapting to changes in the OS is huge. Resellers figuring out how to build a more stable distro is huge (you do realize that resellers heavily customize the distribution of Windows, right? And that MS has no say over that, right?). Lastly, IT professionals learn the tricks and traps around using and managing the OS.
All of these things are factual things that happen. Most of them directly impact the stability and functionality of the system from the end-user's perspective, and from that perspective are just all parts of the OS.
Are you seriously suggesting that there is no maturation of the ecosystem around OS's that affects their stability and functionality? If so, I'd like to hear some specific responses to the things I outlined above, about how they do not in fact have an effect.
There is more to a car than the steering wheel and gear shift. Secondly, programming plays a major part of car design these days.
Programming does play a part, but it's much simpler in scope. In particular, a key element is that it's a fixed system. You don't have other people randomly adding other software elements to it that it must be expected to work with. (Yes, there are 3rd party chipping systems, but there is no expectation from the car maker that these things are supported, and the chip vendors often have to do major reverse engineering work to get them functional.)
In fact, some cars run Windows. If MS can supposedly get it right for the car, then why not at home?
The cars don't 'run' Windows, as in that Windows has anything to do with the functionality of the car. It's all ancillary stuff like radio, navigation, phone, etc. And that Windows version is a heavily modified, stripped down version that *gasp* is highly limited in the platforms it will run on.
Exactly, when a car does foul up on a massive scale it's taken off the market. That's not the case with an OS, and an OS isn't just something you play around with.
A car is taken off the market if and only if either 1) the car manufacturer decides that a recall is less expensive than individual lawsuits and repairs, or 2) a gov agency demands it.
/. blather, this is not even remotely the case here. The problems resulting from installs are, from everything I can see, a tiny proportion of the population. However, every nut can make a blog, so this kind of stuff gets big press now. In all seriousness, you could have this level of news if only 100 people had this problem.
However, OS's can be patched much easier. Some car/recall situations do get 'patched' in that you are instructed to take your car into a dealer and they make a modification.
The bar to take something off the market, though, is fairly high. It has to either actively injure/hurt/kill people or their tangible property, or cause problems on such a massive scale that it's disruptive to society.
Despite the
This isn't something that should just be released in a half assed manner by a company that takes zero responsibility for what it does.
I think you underestimate the complexity of the issue here. The number of permutations that could be present on a machine is nearly infinite. You can't test an infinite number of things. Especially when OEMs are able to cause their own set of problems with their custom distributions.
Of course it should translate into better products. You have more money than anyone else. You should then be able to buy the best programmers, you should be able to have a huge testing facility, and those two factors alone mean you produce something better than some small timer.
I
This again?
....
.... gargantuan. SMB2 for high bandwidth high latency networks is years overdue, but very welcome.
Gutmann ranks up there with such notoriety as Steve Gibson.
Since you so kindly linked it (as if anyone hasn't seen that waaaay back when it came out), did you bother to read it?
Do you notice that nowhere in the entire write-up does it ever mention whether any of Gutmann's theories are actually based on the product itself? Or just his theories about how someone might write an OS based on some white papers and documentation he's read?
Because, in true media-savvy pseudo-scientific fashion, Gutmann never actually makes any claim that any of his theories are actually borne out in the actual product. In fact, based on his writeup there, he's NEVER ACTUALLY TESTED ANY OF HIS THEORIES.
Think about that for a second. A research scientist who makes huge claims about a product, based on his theoretical modelling of how it probably worked based on some white papers and documentation he read, but never actually tested whether any of his theories are true.
That's not being a very good scientist.
You have to take stuff like this with a grain of salt, you can't just believe everything you read.
I'll state it again, for clarity:
ALL of Gutmann's Vista postings are theoretical.
He has NEVER (based on that document) tested any of his theories against the actual product.
Nearly all of his theories are based on how he believes 3rd party IHVs would develop drivers if they adhered perfectly to the spec, which they are not required to do.
All that being said, even if all of Gutmann's theories were perfectly borne out in reality (which they don't appear to be), these are all optional systems.
In addition, one bad optional subsystem does not make the entire product broken by design. There are numerous huge improvements to the underlying product. Just the lightweight MAC style perms on services, and the windowing re-write to prevent shatter style attacks, are big. The new process scheduler and I/O scheduler are huge. The kernel patch protection is just
There are literally dozens more.
And lastly, as my business' self-chosen Vista guinea pig (Vista Business x64), I've got to say it's been surprisingly good. I haven't run into any of Gutmann's theoretical problems, and the system has been quite amazingly stable. Much more so than my XP boxes were, at least as measured by how long my laptop can do its daily duty (4-10 standby/hibernates, and several dozen network/VPN switches) without needing to be rebooted. In general, my laptop is still quite stable when super Tuesday comes up each month, and still not needing a reboot.
Based on my direct, personal experience (ie, not theoretical rumblings), Vista has made some significant fundamental improvements in the Windows OS. However, it was released rough, and is still stabilizing.
You do of course realize that only bad techs do what you describe?
Or (sometimes) organizations that have their imaging process down to such a polish that rolling out a new machine takes 30-60 minutes to completion, and so they make a business/economic decision not to try to do individual troubleshooting unless they detect widespread problems.
But overall what you're talking about are lazy/incompetent techs.
Everything in Windows is repairable. Sometimes it's not worth the cost to do so, but good techs will often take the time to figure out why, so that they're armed in the future.
The hard drive is hit a bit more, and the results take a little longer, and the processor jumps to 10-20%, but that's the only difference I see.
And frankly, my suggestion would be to leave indexing on. You take a 1-2 day hit in performance (more or less, depending how much data you have and how fast your machine is), once ever. Then it's indexed, and you never get hit by that drive-thrashing business again, but search is instant throughout the OS.
You've got it backwards.
XP was only passable because of 7+ years of maturing on largely the same core system. But it had many huge glaring defects in its underlying systems. It was broken by (legacy) design, and only usable through many years of polish.
Vista has many things finally done right internally, with huge, technically and architecturally improved internals. But Vista failed miserably at: marketing (particularly around the Vista Capable garbage), hardware ecosystem (ie, bad drivers), software ecosystem (ie, poorly built software that didn't work in Vista's locked down environment).
But like XP, Vista will mature, and the market will adapt around it. And once it stabilizes, it's a vastly technically superior system to what XP was, albeit at a cost of massively increased resource requirements.
Your suggestion that nothing changes once a v1.0 product releases is what is rubbish. All of what I describe is true of nearly every piece of software, and definitely all OSs.
Console gaming was always superior to PC gaming in terms of quality because there wasn't any patching.
No patching? Every console I've ever owned (except the SNES) has patched itself. And games on them have received patches. And this seems like a reasonable tradeoff to me, as my current Xbox 360 can do so very many things that my SNES back in the day could never do.
There is no reason software companies, especially one as large and as rich as Microsoft, can't get it right on the first go.
And let's follow that line of thought.
Compare an operating system to a car. A car is at least a couple orders of magnitude simpler (ie, less complexity) than an operating system. And it has a high risk of death or injury if they don't get something right. Whereas with an OS the worst risk is some minor property loss.
Yet cars have lots of problems. Lots of recalls. Lots of problems that don't cost car manufacturers enough money to make it worth going through a recall. Lots of poor user engineering, and inherently faulty (ie, fast fail) designs.
And operating systems are a little worse. But the complexity is hugely bigger, and the risks/downsides are much less.
Sounds pretty reasonable to me. Not ideal, but quite in line with a pragmatic approach to reality.
Why do you think company size and wealth should translate to better products? There is absolutely no evidence (and much counter evidence, Brooks, et al) to show that bigger companies produce better software.
Tell me this, are you willing to buy a car, DVD player or microwave that only sort of works out of the box and the manufacturer promising to fix it at a later date?
Yeah, that's how pretty much all those industries work. Every car I've ever bought has been inferior to the one that came out the very next year. They keep doing crazy stuff like making improvements, adding new features, and overall refining the product. Kind of like software.
This is incorrect.
I've personally made successful sql injection attacks (in-house pen testing, not black hatting) of this sort against a variety of other platforms that had nothing to do with Microsoft, including Oracle and MySQL.
I'm not going to go into details here as I already responded in more detail to another of your posts.
Whoops, unclosed quote tag there.
The last three paragraphs are mine, responding to the quoted fourth-from-last.
Most mainstream databases allow you to do this. Oracle and MySQL, off the top of my head, are ones I've personally done this on.
Some db adapter libraries (like one of the real simple ones in PHP for MySQL) don't let both statements get through and/or throw an error, and/or can't handle multiple result sets.
But keep in mind, an attack like this doesn't require both statements to be run in the same batch or in the same transaction, since there's no connection between the two and no result set from the second command.
This simplifies the requirements. Some DB libraries don't allow multiple result sets to come back, but the vast majority allow multiple commands to be sent.
Catalog access isn't much of a vulnerability if an attacker cannot trivially execute SQL ad lib. with a single unchecked parameter.
What allows an attacker to trivially execute SQL isn't anything to do with MSSQL, but with the app design that is concatenating SQL strings and then passing them unchecked to the db.
This exact problem is hugely rampant on PHP/MySQL sites.
When doing casual pen-testing at prior jobs, I've made this sort of attack work against Oracle WebDB, PHP/MySQL, ASP/MSSQL, and Java/Oracle.
1. Use prepared statements (also sometimes called parameterized queries, and what you're calling placeholders).
2. Use stored procedures and pass parameters.
3. Clean the form fields before putting them into your sql statement (the php approach, and also the least safe).
You could do this in hibernate as well. Hibernate allows you to run raw sql against the db (in addition to the HQL, you can also send raw SQL).
We've used this in the past where we had to do some fairly extreme performance optimizations for a hideous query across many joined tables, etc etc. The different db platforms required server-specific syntax to get it to perform adequately.
In addition, Hibernate is only available on Java and .NET.
This particular story is about ASP (not asp.net) pages getting hit, for which hibernate is not available.
There are other simpler solutions that aren't so painful or intrusive.
The easiest is just to use prepared/parameterized queries.
I think many of us have gone through the 'everything should be stored procedures' phase, but that really only works for a niche (albeit a large one) of app development.
You keep saying 'multiple statement protection' as if allowing multiple statements in a batch is a bad thing that should be prevented by any sane person.
Allowing multiple statements (and multiple active result sets) is a commonly used feature for many legitimate purposes. It's not something bad to be blocked. Nearly every major db platform provides this.
Some of the language-specific adapters to said SQL servers never got around to implementing this feature, but it's not blocked because it's a security risk.
Saying so is roughly equivalent to saying governments should enact 'metal protection' and outlaw all forms of metal, just because it's possible to use metal to make a knife and hurt people.